How to generate self signed SSL certificate for Glassfish v3 and import it into Java keyring

Java applications that use ssl to consume web services via jax-ws or use HTTP clients may check the SSL certificate of the server in runtime. In case if your certificate is self signed or Common Name of the certificate does not match the domain name you will get connection errors.

To be able to develop applications you may need to run them on dev/qa servers and then allow your Java application consume these services. To do it you will need to import their SSL certificates into your local Java keyring (the same way you add exception rules into your browser).

Installing PHP 5.3.3 from packages on Debian Lenny with apc, xdebug, memcache etc

Building apache and PHP with all its extensions may be fun once or twice but it is a major pain in the neck. So to avoid that (and to have it before Debian Squeeze is released) you can use e special dotdeb repository of almost everything that you may need as a web dev. It is especially convenient if you have a few development servers to update with different configurations and you don't want to waste too much time on it.

Review - The Art of Capacity Planning

Good news, another good book!

The Art of Capacity Planning is a really decent book with a good overview of how to measure and predict web based applications load.

Book is very short (130 pages) but I love that in books. Author does not waste time nor paper just goes straight to the point.

Zend Studio debugger toolbar for firefox 3.6

The latest version of Firefox 3.6 does not work with Zend Studio Toolbar which is necessary to use debugging and profiling in Zend Studio for Eclipse. There is a working solution though :)

Some nice people prepared modified xpi file which can be downloaded and installed with firefox 3.6. It works like a charm.

HTTP response splitting and mail headers splitting attacks

There are two similar security issues both taken care of by Suhosin patch and strict escaping/encoding rules. They both relate to injecting new lines into headers of network protocols. They are not very well known and i think its worth mentioning it.

HTTP response splitting is a web based attack where hacker manages to trick the server into injecting new lines into response headers along with arbitrary code. If you use GET/POST parameters in the headers like cookie or location, then someone could provide new lines with XSS attack.

Common example would be server redirecting to new location based on some variable (like url). To do it safely you should always encode/escape/cast strings before passing them into header PHP function.

Review - JavaScript: the good parts

In my opinion "JavaScrip: the good parts" is a good book. It is a little bit different than other books i have read so far but it contains a few great fragments and just for that reason it is worth reading it.

The book is very short but it is a good thing. Author expects some knowledge of programming and JavaScript it self and does not waste time on lengthy examples or tedious explanations. Book is focused all the time and reading it is quite entertaining.

Most important things a PHP developer has to know about XPath

I had an interesting task some time this year and i wrote down a few little bits for myself with intention to write an article later on. I might need it and it might help some others too so here is a list of most important things you have to know about XPath if you are a PHP developer.

How to setup terracotta session clustering and replication for apache tomcat 6

Terracotta is an amazing piece of software and it comes with some really cool tools and features. To enable Tomcat 6 session replication via terracotta you need to do a few things but its relatively simple lets do it.

Learning the difference between php_admin_value and php_value the hard way ;)

Even after years in the business you still get these moments: "Ok, why is this not working? wtf?". It happened to me recently while moving applications between hosts. I did not notice that one of the settings for the application was using php_admin_value.

The difference is described in details here: php configuration settings

How to import self signed SSL certificate to Java keystore (adding https certificate)

If you are writing a Java or grails application and want to consume https web service or download something over SSL you may need to add the certificate manually to the keystore.

If your web service does not have properly signed certificate (like self signed ones) then you have no choice. Libraries may throw exception and you wont be able to access the resources. But no fear there is an easy way to fix it and add any SSL certificate to local keystore.

Syndicate content

About the author

Artur Ejsmont

Hi, my name is Artur Ejsmont,
welcome to my blog. I am a passionate software engineer living in Sydney and working for Yahoo!

Web Scalability for Startup Engineers

If you are into technology, you can order my book Web Scalability for Startup Engineers on Amazon. I would love to hear what are your thoughts so please feel free to drop me a line or leave a comment.

Follow my RSS